Sign Up
Log In
Log In
or
Sign Up
Places
All Projects
Status Monitor
Collapse sidebar
SUSE:SLE-12-SP4:GA
ImageMagick
ImageMagick-CVE-2022-1270.patch
Overview
Repositories
Revisions
Requests
Users
Attributes
Meta
File ImageMagick-CVE-2022-1270.patch of Package ImageMagick
diff --git a/coders/miff.c b/coders/miff.c index 25b2c9d7ec..4350f6d9b0 100644 --- a/coders/miff.c +++ b/coders/miff.c @@ -463,6 +463,7 @@ static Image *ReadMIFFImage(const ImageInfo *image_info, i; size_t + compress_extent, length, packet_size; @@ -1261,11 +1262,10 @@ static Image *ReadMIFFImage(const ImageInfo *image_info, packet_size+=quantum_info->depth/8; if (image->compression == RLECompression) packet_size++; - length=image->columns; - length=MagickMax(MagickMax(BZipMaxExtent(packet_size*image->columns), - LZMAMaxExtent(packet_size*image->columns)),ZipMaxExtent(packet_size* - image->columns)); - compress_pixels=(unsigned char *) AcquireQuantumMemory(length, + compress_extent=MagickMax(MagickMax(BZipMaxExtent(packet_size* + image->columns),LZMAMaxExtent(packet_size*image->columns)), + ZipMaxExtent(packet_size*image->columns)); + compress_pixels=(unsigned char *) AcquireQuantumMemory(compress_extent, sizeof(*compress_pixels)); if (compress_pixels == (unsigned char *) NULL) ThrowReaderException(ResourceLimitError,"MemoryAllocationFailed"); @@ -1403,6 +1403,9 @@ static Image *ReadMIFFImage(const ImageInfo *image_info, length=(size_t) BZipMaxExtent(packet_size*image->columns); if (version != 0.0) length=(size_t) ReadBlobMSBLong(image); + if (length > compress_extent) + ThrowReaderException(CorruptImageError, + "UnableToReadImageData"); bzip_info.avail_in=(unsigned int) ReadBlob(image,length, (unsigned char *) bzip_info.next_in); } @@ -1428,6 +1431,9 @@ static Image *ReadMIFFImage(const ImageInfo *image_info, { lzma_info.next_in=compress_pixels; length=(size_t) ReadBlobMSBLong(image); + if (length > compress_extent) + ThrowReaderException(CorruptImageError, + "UnableToReadImageData"); lzma_info.avail_in=(unsigned int) ReadBlob(image,length, (unsigned char *) lzma_info.next_in); } @@ -1459,6 +1465,9 @@ static Image *ReadMIFFImage(const ImageInfo *image_info, length=(size_t) ZipMaxExtent(packet_size*image->columns); if (version != 0.0) length=(size_t) ReadBlobMSBLong(image); + if (length > compress_extent) + ThrowReaderException(CorruptImageError, + "UnableToReadImageData"); zip_info.avail_in=(unsigned int) ReadBlob(image,length, zip_info.next_in); }
Locations
Projects
Search
Status Monitor
Help
OpenBuildService.org
Documentation
API Documentation
Code of Conduct
Contact
Support
@OBShq
Terms
openSUSE Build Service is sponsored by
The Open Build Service is an
openSUSE project
.
Sign Up
Log In
Places
Places
All Projects
Status Monitor